Not mentioned thus far is that if you are using 1.0.2 with FIPS support, the random number generator does not self-seed. Pauli -- Oracle Dr Paul Dale | Cryptographer | Network Security & Encryption Phone +61 7 3031 7217 Oracle Australia -----Original Message----- From: Andres Traumann [mailto:andres.traumann.01@xxxxxxxxx] Sent: Friday, 5 October 2018 3:54 AM To: openssl-users@xxxxxxxxxxx Subject: Re: Seeding before RSA key generation Thank you for your help. Andres On 10/4/18 6:47 PM, Matt Caswell wrote: > > On 04/10/18 16:14, Salz, Rich via openssl-users wrote: >> Which version of OpenSSL are you using? >> >> 1.0.2 and 1.1.0 have a bad random number generator and must be explicitly seeded. > This is not correct. The RNG in 1.0.2 and 1.1.0 automatically seeds. > There is no need to explicitly seed it. I also wouldn't describe it as > "bad". 1.1.1 has a much better RNG, but there is no reason not to > trust and use the 1.0.2 and 1.1.0 RNG. > >> 1.1.1 has a good random number generator and auto-seeds. >> > 1.0.2 and 1.1.0 auto seed. 1.1.1 additionally auto-*re*seeds. > > Matt -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users -- openssl-users mailing list To unsubscribe: https://mta.openssl.org/mailman/listinfo/openssl-users
